diff --git a/app.js b/app.js index 6ed7d4930b..12caa7d88b 100644 --- a/app.js +++ b/app.js @@ -179,7 +179,7 @@ async function startServer (host, port) { * @returns {string} The path is it's safe, thorws otherwise */ function getSafePath (req) { - let reqPath = req.params.path + let reqPath = req.query.path if (typeof reqPath !== 'string') { throw Error('Invalid path') @@ -830,54 +830,45 @@ app.post('/api/importConfig', apisLimiter, isAuthenticated, async function ( } }) -// get config +// if no path provided return all store dir files/folders, otherwise return the file content app.get('/api/store', storeLimiter, isAuthenticated, async function (req, res) { try { - async function parseDir (dir) { - const toReturn = [] - const files = await fs.readdir(dir) - for (const file of files) { - const entry = { - name: path.basename(file), - path: utils.joinPath(dir, file) - } - const stats = await fs.lstat(entry.path) - if (stats.isDirectory()) { - entry.children = await parseDir(entry.path) - } else { - entry.ext = file.split('.').pop() - } - - entry.size = utils.humanSize(stats.size) - toReturn.push(entry) - } - return toReturn - } + let data + if (req.query.path) { + const reqPath = getSafePath(req) - const data = await parseDir(storeDir) + const stat = await fs.lstat(reqPath) - res.json({ success: true, data: data }) - } catch (error) { - logger.error(error.message) - return res.json({ success: false, message: error.message }) - } -}) - -app.get('/api/store/:path', storeLimiter, isAuthenticated, async function ( - req, - res -) { - try { - const reqPath = getSafePath(req) + if (!stat.isFile()) { + throw Error('Path is not a file') + } - const stat = await fs.lstat(reqPath) + data = await fs.readFile(reqPath, 'utf8') + } else { + async function parseDir (dir) { + const toReturn = [] + const files = await fs.readdir(dir) + for (const file of files) { + const entry = { + name: path.basename(file), + path: utils.joinPath(dir, file) + } + const stats = await fs.lstat(entry.path) + if (stats.isDirectory()) { + entry.children = await parseDir(entry.path) + } else { + entry.ext = file.split('.').pop() + } + + entry.size = utils.humanSize(stats.size) + toReturn.push(entry) + } + return toReturn + } - if (!stat.isFile()) { - throw Error('Path is not a file') + data = await parseDir(storeDir) } - const data = await fs.readFile(reqPath, 'utf8') - res.json({ success: true, data: data }) } catch (error) { logger.error(error.message) @@ -885,10 +876,7 @@ app.get('/api/store/:path', storeLimiter, isAuthenticated, async function ( } }) -app.put('/api/store/:path', storeLimiter, isAuthenticated, async function ( - req, - res -) { +app.put('/api/store', storeLimiter, isAuthenticated, async function (req, res) { try { const reqPath = getSafePath(req) @@ -907,7 +895,7 @@ app.put('/api/store/:path', storeLimiter, isAuthenticated, async function ( } }) -app.delete('/api/store/:path', storeLimiter, isAuthenticated, async function ( +app.delete('/api/store', storeLimiter, isAuthenticated, async function ( req, res ) { diff --git a/src/apis/ConfigApis.js b/src/apis/ConfigApis.js index a68e1f5c00..cd0672348c 100644 --- a/src/apis/ConfigApis.js +++ b/src/apis/ConfigApis.js @@ -95,17 +95,21 @@ export default { return response.data }, async getFile (path) { - const response = await request.get('/store/' + encodeURIComponent(path)) + const response = await request.get('/store', { params: { path } }) return response.data }, async writeFile (path, content) { - const response = await request.put('/store/' + encodeURIComponent(path), { - content - }) + const response = await request.put( + '/store', + { + content + }, + { params: { path } } + ) return response.data }, async deleteFile (path) { - const response = await request.delete('/store/' + encodeURIComponent(path)) + const response = await request.delete('/store', { params: { path } }) return response.data }, downloadZip (files) {